Perform Approver Tasks

An Approver is a person who is authorized by an AGPM Administrator (Full Control) to create, deploy, and delete Group Policy Objects (GPOs) and to approve or reject requests (typically from Editors) to create, deploy, or delete GPOs.

Important   Make sure that you're connecting to the central archive for GPOs. For more information, see Configure an AGPM Server Connection.

Note   Before approving a GPO, an Approver should review the policy settings that it contains. The Approver role includes the permissions for the Reviewer role, so that an Approver can review policy settings and compare GPOs. See Performing Reviewer Tasks for more information.

Additional considerations

By default, the following permissions are provided for the Approver role:

  • List Contents

  • Read Settings

  • Create GPO

  • Deploy GPO

  • Delete GPO

Also, an Approver has full control over GPOs that they created or controlled.